LibreOffice < 4.1.5 / 4.2.0 Python Multiple Vulnerabilities

medium Nessus Plugin ID 73336

Synopsis

The remote host contains an application that is affected by multiple vulnerabilities with Python.

Description

A version of LibreOffice prior to 4.1.5 / 4.2.0 is installed on the remote Windows host. It is, therefore, reportedly affected by multiple vulnerabilities including a denial of service vulnerability related to Python.

A remote attacker could use these flaws to cause a denial of service or to conduct spoofing attacks.

Note that Nessus has not attempted to exploit these issues, but has instead relied only on the self-reported version number.

Solution

Upgrade to LibreOffice version 4.1.5 / 4.2.0 or later.

See Also

http://www.libreoffice.org/about-us/security/advisories/cve-2013-1752/

http://www.nessus.org/u?bc6741ee

http://www.nessus.org/u?a594575e

Plugin Details

Severity: Medium

ID: 73336

File Name: libreoffice_420.nasl

Version: 1.7

Type: local

Agent: windows

Family: Windows

Published: 4/4/2014

Updated: 11/26/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2013-4238

Vulnerability Information

CPE: cpe:/a:libreoffice:libreoffice

Required KB Items: SMB/LibreOffice/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 3/20/2014

Vulnerability Publication Date: 3/20/2014

Reference Information

CVE: CVE-2013-1752, CVE-2013-4238